Visualize Windows Events using Python3 & Neo4j

Abstract: Windows events is an important detailed record of system and can be used to address questions like “Who, What, When”. With this presentation, I will demonstrate the visualization of more than 15 windows security events using a custom Python3 script and Neo4j database. In addition, I will query the Neo4j in order to hunt for malicious tasks that may have occurred or tasks that a normal domain user should not do (for example: execute PowerShell.exe). Bio: For the past two and a half years, I have been a core member at Deloitte’s Cyber Risk department in Cyprus. As a senior consultant, I have participated in a variety of projects including infrastructure, web applications, mobile applications and external penetration tests to clients as well as preparation of training manuals for the Risk Advisory department of the firm. I hold OSCP (Offensive-Security) & CEHv9 (EC-Council) certifications and currently study for OSWE (Offensive-Security Web Expert). I presented DropTheMic / CVE-2019-1040 at the first Bsides conference held in Cyprus in October 2019. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Security BSides Athens 2020 CyberSecurity | InfoSec | Ethical Hacking | Computer Security | Evolving Threats | Threat Landscape | Privacy | Cyber Resilience Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent Security BSides-Approved event for Athens, Greece. More: https://www.bsidesath.gr Follow on Twitter: @BSidesAth